
A Lightweight Authenticated Encryption Algorithm Based On OCB Mode

Posted on: 2024-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Duan
Full Text: PDF
GTID: 2568307067493424
Subject: Software engineering
Abstract/Summary:
Authenticated encryption is a cryptographic algorithm that provides both confidentiality and integrity for transmitted data, and it is widely used in security protocols such as TLS and SSL. Authenticated encryption is the epitome of symmetric encryption, drawing on block ciphers, stream ciphers, modes of operation, cryptanalysis, security proofs and many other areas, and its design has long been both a focus and a difficulty of symmetric cryptography research. In recent years, NIST has launched the CAESAR competition and the lightweight cryptography standardization process, which have set off a new wave of research on authenticated encryption algorithms. Within that research, high efficiency, lightweight implementation and robustness are considered the three most important aspects.

This thesis aims to design an authenticated encryption algorithm based on OCB mode that achieves higher security at minimal efficiency cost and is suitable for lightweight devices. It first surveys the state of authenticated encryption research in China and abroad, analyzes the new security challenges facing current authenticated encryption algorithms, studies the modes of operation used for authenticated encryption, and points out the key issues in theoretical research and practical application. Lightweight devices often lack secure storage space and computing power, which leads to the release of unverified plaintext (the INT-RUP setting) and to insufficient resistance against nonce-reuse attacks on the initial vector. To address these problems, this thesis proposes two OCB-based modes of operation and gives security proofs for them. It also designs an efficient implementation method for dynamic parallel computation through instruction pipelining. The main contributions are as follows:

1. The thesis analyzes the structural defects of OCB that prevent it from meeting the nonce-misuse and RUP security requirements, then analyzes an existing OCB construction that does meet the RUP security property. By constructing attacks under stronger security notions, it proves that this construction does not achieve strong RUP security; experiments also show that its efficiency is not ideal.

2. To handle the two security problems of nonce misuse and release of unverified plaintext, the thesis designs two OCB-based modes of operation for authenticated encryption. Although OCB is the most efficient algorithm in practical applications, it does not itself provide RUP security because of its checksum weakness. The thesis proposes the OCB-RUP mode specifically to solve this problem. OCB is also not secure when nonces are misused; using a similar construction, the thesis proposes the OCB-nmRUP mode as an optional solution.

3. With the help of provable security theory, the thesis proves that the proposed algorithms achieve close to optimal security. In the original INT-RUP security model, the adversary is forbidden from feeding the results of its encryption oracle into its decryption oracle, which makes that model too idealized for practical reference. This thesis uses a stronger security model that removes this restriction, and proves that the algorithms designed here remain secure in it, giving them stronger security and application value.

4. Using the AES-NI and PCLMULQDQ instructions, feasibility is measured experimentally in an x86-64 environment. Comparison with several existing authenticated encryption algorithms verifies the efficiency and low overhead of the design: the OCB-RUP mode provides RUP security for the original OCB mode with only 34% additional overhead, and even the slower OCB-nmRUP mode can encrypt a byte per cycle, achieving stronger security with minimal overhead to meet the needs of lightweight devices.
Keywords/Search Tags: Authenticated Encryption, OCB, RUP, Nonce-misuse resistance